1. Field of the Invention
The present invention relates to the technique pertaining to the access control of programs and data which are handled by a computer, and particularly to the technique for providing programs and data themselves with the access control function.
2. Description of the Prior Art
There have been two major types of access control for programs and data which are handled by a computer, one being based on the access control list, the other being based on the capability. The access control list includes three items, which are data as a target of access, the host of access, and the condition of access right. Specifically, it stores attributes of data indicative of what type of access by what person is to be permitted. This kind of technique is proposed in Japanese Published Unexamined Patent Application No. Sho 62-235655, for example. This proposal is intended to implement the access control not only by the host of access, but also by the terminal used by the host.
The capability provides the host of access with information of access control so that the host of access presents the access right to the target of access before the host is enabled to access the target. This kind of technique is proposed in Japanese Published Unexamined Patent Application No. Sho 62-251948, for example. This proposal is designed to use a character string for the attribute of data, so that the user who intends to make access to data presents a specific character string to the data.
In order to cope with illegal access attempts which cannot be dealt with by the ordinary access control technique, such as the case of direct analysis of physical characteristics of the storage medium which stores data, there has been proposed the combination of the access control technique and the encryption technique, as described in Japanese Published Unexamined Patent Applications No. Sho 63-311454, No. Hei 03-276345, and No. Hei 09-44407.
The above-mentioned techniques are all based on the premise of the usage within the access control system, and access control of data becomes infeasible once data is taken out and put into other system. Although it is possible to encrypt data so that non-legitimate persons cannot take out decrypted data and put it into other systems, if data is put into other system by a legitimate user, access control of the data is no longer feasible and the data will be accessed by non-legitimate persons. It is possible to preclude legitimate users from taking out decrypted data, however, in this case even legitimate users cannot use data in other systems unless it has the access control function identical to that of the inherent system.
The present invention is intended to overcome the foregoing prior art deficiencies, and there are arranged, in correspondence to data, verification means which authenticate the right of access to the data and usage control means which enable the access to the data when the access right is verified, with this set of means and data being treated as a data capsule.
In case there exists a manner of data access beyond the control range of the usage control means, then data is encrypted in advance, there are arranged, in correspondence to the data, verification means which authenticate the right of access to the data, usage control means which enables the access to the data when the access right is verified, and decryption means which decrypt the data, with this set of means and data being treated as a data capsule.
In case the data decryption key exists within the data capsule, illegal data access can possibly be made based on the analysis of the data capsule, the extraction of the data decryption key, and the decryption of the data. For preventing this impropriety, it is desirable to get the key for decrypting encrypted data from information in the data capsule and information which proves the user""s access right.